Someone calls this approach “double tunneling”, here is a graphical explanation to make it stick into my memory:

Keep in mind that connections to port 1234 must be allowed by the firewall on the “jump host”, in my iptables setup (which uses a chain named in-new for new input connections), I'd do something like that:

Tunneling to your IM contacts

For instance the command below makes your SSH server accessible to the local port 2222 of the contact you choose:

ssh-contact -- -l remote_ssh_user -R 2222:localhost:22

This other command makes the SSH server of your contact accessible on your local port 2222:

ssh-contact -- -l remote_ssh_user -L 2222:localhost:22

These kind of tricks can be useful if you want to do some file transfers via SCP/sftp, for example.

Note

It's been a while since I did some networking stuff, so my terminology may sound a little off: I could have used “Jump Node” or “Relay Node” instead of “Jump Host”, let me know if you think there is room for improvement in the article or in the drawing.